Week 23 In Review – 2017

impacket – github.com
This script will exploit CVE-2017-7494, uploading and executing the shared library specified by the user through the –so parameter.

Automating the Empire with the Death Star: getting Domain Admin with a push of a button – byt3bl33d3r.github.io
Originally, I wanted something that could just take BloodHounds output, parse it, feed it to Empire and make it follow the ‘chain’. However, BloodHound does not take into account (at least to my knowledge) paths that could be achieved using domain privilege escalations such as GPP Passwords in SYSVOL (I personally find that one an almost every engagement).

City-Wide IMSI-Catcher Detection – seaglass.cs.washington.edu
Modern cellphones are vulnerable to attacks by governments and hackers using rogue cellular transmitters called IMSI-catchers. These surveillance devices can precisely locate phones, and sometimes eavesdrop on communications, send spam, or inject malware into phones.

Sponsors

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.